1601 PR.04 VPN Eligibility & Access Procedure
Virtual Private Networking (VPN) allows users to connect securely to Yale resources from a remote location. Depending on your duties at Yale, use of the VPN may be required or encouraged.
This procedure outlines who is eligible to access Yale VPN services and the procedure for requesting an exception for the ineligible.
Access to the VPN is limited to individuals with an active NetID and Yale Affiliation of one of the following types:
- Faculty (current and retired)
- Matriculating students
- Staff (current and retired)
The following individuals and groups are not eligible for access to the Yale VPN services:
- University Systems
- Those with an inactive NetID
- Those with no NetID
- Sponsored Identities
Ineligible users with an active NetID can request an access exception. In order to be eligible for an access exception, one of the following conditions must be met:
- For Users without a NetID
- These users must first obtain a NetID.
- The University will not grant VPN access to an individual who is not eligible for a NetID.
- For Alumni and Affiliates (Conferees, Parent Volunteers, Spouses, etc.)
- The applicant must have:
- A valid, active NetID, and
- An active role in a University business process, activity or academic activity, that requires VPN access to fulfill the duties or responsibilities of that role (e.g. a Parent Volunteer who needs VPN access to maintain a website connecting current students with recent graduates).
- Lead Administrators are responsible for verifying (through the applicant, the sponsor, or by other means) that the applicant requires the access requested and that a business or academic need exists.
- For University Systems
- The system must meet the follow criteria:
- A valid, active Responsible NetID associated with the system, and
- If the system will house electronic protected health information (ePHI) or confidential numbers (e.g. credit card numbers, or social security numbers), appropriate measures must be in place to secure this data — the Information Security Office will verify this independently if the presence of this type of data is indicated on the exception form.
Sponsorship and Lead Administrator Approval
A faculty member or M&P Employee with an active University affiliation must sponsor any access request on behalf of an ineligible user or University System. The sponsor’s lead administrator must approve the request and submit the form to Client Accounts. If the lead administrator is also acting as sponsor, secondary approval is not required.
Final approval for each request is at the discretion of Client Accounts and the Information Security Office.
To submit a request, do the following:
If the applicant does not have a NetID, a Sponsored Identity record needs to be created. The new NetID must be activated before you can complete the rest of this process. Refer to this website: https://its.yale.edu/secure-computing/identity-and-access-management/accounts-and-access/sponsored-identity.
1. Download Form 1601 FR.01 VPN Access Exception Request.
2. Fill out the form.
3. Sign and submit the form per the instructions on the form.
Client Accounts will contact the lead administrator via telephone or email with the status of the request or if more information is required.
Eligible users who become ineligible because their Yale affiliation has changed will have their VPN access rights removed.
Exceptions Granted to Ineligible Users
All exceptions granted through the exception process will expire each October. However, lead administrators may submit an email request to Client Accounts to terminate access at an earlier date if VPN access is no longer needed.
To renew access, a new application for access must be submitted.
The ITS Website has specific instructions for obtaining VPN software and connecting to Yale VPN.